<?php

/* SocCMS
 * Дата последнего редактирования 22.10.2016
 * Модифицировал densnet
 * Автор yadalay
 */

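// Resolve the post -> forum -> section -> topic chain named in the URL.
// Every request value is cast to int before it is concatenated into SQL, and
// the current user's id gets the same cast so an empty session value cannot
// produce a malformed query.
// The $post query also carries the ownership check: it matches only a post
// whose `id_user` is the current user.
$post = mysqli_fetch_object($db->query('SELECT `id`, `id_theme` FROM `forum_posts` WHERE `id` = ' . intval($_GET['post']) . ' AND `id_user` = ' . intval($user['id'])));
$forum = mysqli_fetch_object($db->query('SELECT `id`, `access`, `name` FROM `forum` WHERE `id` = ' . intval($_GET['forum'])));

// Each of the next two lookups embeds the id of the row found just before it.
// When that row is missing, skip the query instead of reading a property of a
// non-object and sending broken SQL to the server.
$razdel = $forum
    ? mysqli_fetch_object($db->query('SELECT `id`, `id_forum`, `name` FROM `forum_razdels` WHERE `id_forum` = ' . $forum->id . ' AND `id` = ' . intval($_GET['razdel'])))
    : null;
$theme = $razdel
    ? mysqli_fetch_object($db->query('SELECT `id`, `id_razdel`, `name` FROM `forum_themes` WHERE `id_razdel` = ' . $razdel->id . ' AND `id` = ' . intval($_GET['theme'])))
    : null;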

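// Refuse the request unless the whole post/forum/section/topic chain resolved
// and the user's group level is high enough for the forum's access setting.
if (!$theme || !$razdel || !$forum || !$post || ($forum->access == 1 && $user['group_access'] < 8) || ($forum->access == 2 && $user['group_access'] < 3)) {
    header('Location: ' . DIR_FORUM);
    exit;
} else {
    // NOTE(review): $post->id_theme is selected but never compared with
    // $theme->id, so a file row can be recorded under a topic the post does not
    // belong to. Presumably the two should match; confirm and add the check.

    $set['title'] = lang('Добавление файла');
    require_once H . 'sys/inc/thead.php';

    aut();

    if (isset($_POST['download'])) {
        // Upload handling.
        //
        // Extensions accepted for upload. This is an allowlist on purpose: a
        // denylist ("php", "exe", ...) cannot enumerate every extension a web
        // server may be configured to execute or a browser may render as active
        // content. The list mirrors the file types the listing below has icons
        // for, minus "xml" (browsers can run script from XML documents, the
        // same reason "html" and "js" were already refused). Extend it
        // deliberately.
        $allowed_ext = array(
            'jpg', 'jpeg', 'gif', 'png', 'bmp', 'ico', 'psd',
            '3gp', 'mp4', 'avi', 'mpeg', 'flv', 'wmv', 'mkv',
            'doc', 'docx', 'docm', 'dot', 'dotx', 'dotm', 'txt', 'pdf',
            'mp1', 'mp2', 'mp3', 'wav', 'aif', 'ape', 'flac', 'ogg', 'asf', 'wma',
            'zip', 'rar', 'tar', '7z', 'gz', 'jar', 'jad', 'war', 'xar',
        );

        // The request must carry exactly one successfully received file. The
        // strict comparison also rejects the array form produced by `file[]`.
        $upload = (isset($_FILES['file']) && is_array($_FILES['file'])) ? $_FILES['file'] : null;
        $upload_ok = $upload !== null
            && isset($upload['error'], $upload['tmp_name'], $upload['name'])
            && $upload['error'] === UPLOAD_ERR_OK
            && is_string($upload['name'])
            && is_uploaded_file($upload['tmp_name']);

        $file = '';
        $ras = '';
        if ($upload_ok) {
            // Client-supplied name: keep only the last path component, then
            // drop control characters plus '#' and '?'. Done with byte-wise
            // regexes rather than basename()/pathinfo(), which are
            // locale-dependent and can mangle non-ASCII names.
            $file = (string) preg_replace('~^.*[\\\\/]~s', '', $upload['name']);
            $file = (string) preg_replace('~[\x00-\x1F\x7F#?]~', '', $file);

            // Extension = text after the last dot; a name without a dot has none.
            $dot = strrpos($file, '.');
            $ras = ($dot === false) ? '' : strtolower((string) substr($file, $dot + 1));
        }

        if ($upload_ok && $file !== '' && in_array($ras, $allowed_ext, true)) {
            $size = (int) filesize($upload['tmp_name']);

            // Pick the stored name "<post>_<n>.<ext>". Starting from the row
            // count alone reuses a number after a deletion and would overwrite
            // a file that still has a row, so probe until the name is unused.
            // The name is built from a DB id, an integer and an allowlisted
            // extension, so it is safe to inline in SQL.
            // NOTE(review): two simultaneous uploads can still pick the same
            // number; a unique index on `name` would close that gap.
            $count_row = mysqli_fetch_row($db->query('SELECT COUNT(*) FROM `forum_post_files` WHERE `id_post` = ' . $post->id));
            $number = (int) $count_row[0];
            do {
                $number++;
                $stored_name = $post->id . '_' . $number . '.' . $ras;
                $taken = mysqli_fetch_row($db->query('SELECT COUNT(*) FROM `forum_post_files` WHERE `name` = "' . $stored_name . '"'));
            } while ($taken[0] > 0 || file_exists('files/' . $stored_name));

            // NOTE(review): the upload is written to the relative path
            // 'files/' while deletion and the listing use DIR_FORUM_FILES;
            // confirm both resolve to the same directory. The listing uses that
            // directory as an <img> src, so it appears to be web-served: the
            // web server should be configured not to execute scripts there.
            //
            // Move first, record second, so a failed move leaves no orphan row.
            if (move_uploaded_file($upload['tmp_name'], 'files/' . $stored_name)) {
                // The original name is user-controlled text. It is embedded as
                // a hex literal (only [0-9a-f] reaches the statement), which
                // needs no connection-specific escaping function.
                $db->query('INSERT INTO `forum_post_files` SET `id_theme` = ' . $theme->id . ', `id_post` = ' . $post->id . ', `id_user` = ' . intval($user['id']) . ', `name` = "' . $stored_name . '", `real_name` = X\'' . bin2hex($file) . '\', `size` = ' . $size);

                $_SESSION['download'] = "<div class='alert alert-success'>" . lang('Файл успешно прикреплён.') . "</div>";

                header('Location: ' . DIR_FORUM . $forum->id . '/' . $razdel->id . '/' . $theme->id . '/' . $post->id . '/add_file');
                exit;
            }
        }

        // Reached only when validation or the move failed.
        echo "<div class='alert alert-danger'>" . lang('Ошибка при выгрузке файла.') . "</div>";
    } elseif (isset($_GET['del_file'])) {
        // Deletion. Load the row once and require it to exist before reading
        // its owner; the uploader or a user with 'forum_post_ed' may delete.
        // NOTE(review): this is a state-changing GET and no anti-CSRF token is
        // visible on this page; consider a POST with a per-session token.
        $file = mysqli_fetch_object($db->query('SELECT `id`, `id_post`, `id_user`, `name` FROM `forum_post_files` WHERE `id` = ' . intval($_GET['del_file'])));

        if ($file && ($file->id_user == $user['id'] || user_access('forum_post_ed'))) {
            // basename() keeps the unlink inside the files directory even if a
            // stored name were ever to contain a path separator.
            $path = DIR_FORUM_FILES . basename($file->name);
            if (is_file($path)) {
                unlink($path);
            }
            $db->query('DELETE FROM `forum_post_files` WHERE `id` = ' . intval($file->id));

            $_SESSION['download'] = "<div class='alert alert-success'>" . lang('Файл успешно удалён.') . "</div>";

            header('Location: ' . DIR_FORUM . $forum->id . '/' . $razdel->id . '/' . $theme->id . '/' . $post->id . '/add_file');
            exit;
        }
    }

    // One-shot status message left by the previous request.
    if (isset($_SESSION['download'])) {
        echo $_SESSION['download'];
        unset($_SESSION['download']);
    }

    // Navigation breadcrumbs
    echo "<div class='list-group-item-null list-group-item-grey'><small>";
    echo "<a href='/' class='hint--right' data-hint='" . lang('На главную') . "'><i class='fa fa-home fa-lg'></i></a> <i class='fa fa-angle-right fa-fw'></i> ";
    echo "<a href='" . DIR_FORUM . "'>" . lang('Форум') . "</a> <i class='fa fa-angle-right fa-fw'></i> ";
    echo "<a href='" . DIR_FORUM . "$forum->id/'>" . toOutput(utf8_substr($forum->name, 10)) . "</a> <i class='fa fa-angle-right fa-fw'></i> ";
    echo "<a href='" . DIR_FORUM . "$forum->id/$razdel->id/'>" . toOutput(utf8_substr($razdel->name, 10)) . "</a> <i class='fa fa-angle-right fa-fw'></i> ";
    echo "<a href='" . DIR_FORUM . "$forum->id/$razdel->id/$theme->id.html'>" . toOutput(utf8_substr($theme->name, 10)) . "</a> <i class='fa fa-angle-right fa-fw'></i> ";
    echo lang('Добавление файла');
    echo "</small></div>";

    // Font Awesome icon class per stored-file extension; anything not listed
    // falls back to the generic file icon.
    $icon_groups = array(
        'fa-file-image-o' => array('jpg', 'jpeg', 'gif', 'png', 'bmp', 'ico', 'psd'),
        'fa-file-video-o' => array('3gp', 'mp4', 'avi', 'mpeg', 'flv', 'wmv', 'mkv'),
        'fa-file-text-o' => array('docx', 'doc', 'docm', 'dotx', 'dot', 'dotm', 'txt', 'xml', 'pdf'),
        'fa-file-audio-o' => array('mp1', 'mp2', 'mp3', 'wav', 'aif', 'ape', 'flac', 'ogg', 'asf', 'wma'),
        'fa-file-archive-o' => array('zip', 'rar', 'tar', '7-zip', 'gzip', 'jar', 'jad', 'war', 'xar'),
    );
    $icon_by_ext = array();
    foreach ($icon_groups as $icon_class => $extensions) {
        foreach ($extensions as $extension) {
            $icon_by_ext[$extension] = $icon_class;
        }
    }

    // Files already attached to this post.
    $files = $db->query('SELECT * FROM `forum_post_files` WHERE `id_post` = ' . $post->id);
    while ($p_file = mysqli_fetch_object($files)) {

        $ras = strtolower(preg_replace('#^.*\.#', '', $p_file->name));
        $icon_class = isset($icon_by_ext[$ras]) ? $icon_by_ext[$ras] : 'fa-file-o';
        $icons = "<i class='fa $icon_class fa-fw'></i>";

        // The stored name is server-generated, but it is still escaped before
        // it lands inside a quoted HTML attribute.
        $icon = htmlspecialchars(DIR_FORUM_FILES . $p_file->name, ENT_QUOTES, 'UTF-8');

        echo "<table class='list-group-item-null-mini list-group-item-grey dop'><tr><td class='icon14'>";

        echo "<img src='$icon' style='width: 40px;height: 40px;padding:3px;'/>";

        echo "</td><td class='null'>";
        echo "<span class='right'>";
        echo "<a href='" . DIR_FORUM . "$forum->id/$razdel->id/$theme->id/$post->id/del_file=$p_file->id' class='hint--left' data-hint='" . lang('Удалить файл') . "'><i class='fa fa-trash-o fa-fw'></i></a>";
        echo "</span>";

        // real_name is the client-supplied file name, so it goes through the
        // project's output escaper before being printed.
        echo " $icons " . toOutput($p_file->real_name) . " <font color='green'>" . size_file($p_file->size) . "</font> ";
        echo "</td></tr></table>";
    }

    // Upload form; it posts back to this same action.
    echo "<form class='list-group-item-null-mini' action='" . DIR_FORUM . "$forum->id/$razdel->id/$theme->id/$post->id/add_file' method='post' enctype='multipart/form-data'>";
    $doc->File('file', 'Файл');

    $doc->Button('btn btn-primary btn-sm', 'download', 'paperclip', 'Прикрепить файл');
    echo "</form>";

    require_once H . 'sys/inc/tfoot.php';
    exit;
}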